It was the employer’s policy to have data kept in employees homes for “safe keeping”

Submit: Add to your Digg This Slashdot GotNews StumbledUpon Reddit

In the security breach du jour, the State of Ohio announced that private information (names, social security numbers, and maybe more) on 64,000 state employees was compromised.

They were stolen from a state intern’s car, where they were written to a portable storage device (thumb drive? USB hard drive? the story does not say).

The practice of taking state information to employees’ homes is apparently the official policy. A news article reads, “Under protocol in place since 2002, a first backup storage device is kept at a temporary work site for a state office along with the computer system that holds all the employee information, and a second backup device is given to employees on a rotating basis to take home for safekeeping, officials said.”

They go on to say that the security procedure failed.

I take issue with that. The security procedure was carried out, but it was flawed from the beginning. The POLICY failed to take into account the risks associated with storage of official (and private) information away from work premises, in employee homes where the employer has no control or awareness of safekeeping practices.

Link to news article:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.